Architecture

About

The UP Connector is a Windows service that handles communication with the Universal Print service on behalf of the Dispatcher Paragon Spooler.

Universal print information and configuration can be found in Microsoft official documentation.

Prerequisites

  • Dispatcher Paragon installation with a server print job spooler supporting IPP communication:

    • Mobile Integration Gateway (MIG)

  • A server with Dispatcher Paragon (Windows Server OS)

  • .NET 6.0 runtime on the server

  • Azure Active Directory

  • Universal Print license

  • An account with Application Administrator and Printer Administrator roles in Azure Active Directory

  • Enabled communication:

    • HTTPS (443) - communication with the OMNI API to handle configuration and printer assignment

    • IPPS - basic protocol to transfer print jobs between the Universal Print service and the Dispatcher Paragon Spooler

Basic architecture

Single Dispatcher Paragon server environment would have to add the UP Connector service.

Advanced architecture

When there are multiple Site Servers in the Dispatcher Paragon environment, the UP Connector service is added to each Site Server. To users, each UP Connector will be represented by its own print queue name registered with the Universal Print portal.

High Availability architecture

There is also the possibility to have the UP Connectors in High Availability mode. This means that multiple instances of the UP Connectors process the same user printer queue. In case of failure of the UP Connector itself, the site server instance or the infrastructure behind them, the other UP Connectors will process the jobs instead of the failed ones. The architecture diagram could very similar to the Advanced architecture, the only difference will be that the user can see only a single printer queue and both connectors will also serve the same one.

YSoft OMNI API

The YSoft OMNI API is a common backend part for both the YSoft OMNI UP365 connector and UP Connector for the integration with Dispatcher Paragon. It makes it possible for Konica Minolta to connect the Microsoft 365 customer tenancy with YSoft tenancy, allowing both tenancies to interact in a secure manner. When the Universal Print connector is first installed it communicates with the YSoft OMNI API for the purpose of registration and identify what Microsoft 365 domain the customer is using, the secure printer is registered easily without any customer interaction or configuration. The only detail that needs to be provided to YSoft is the customer's administrator email address for the purpose of identifying and providing the customer tenancy and providing access to the YSoft OMNI API.

Security

The only piece of information retained by the YSoft OMNI API is the customer administrators email address for the purpose of identifying the customer tenancy. This is done at the time of installation of the UP Connector. The customer is signing in to Azure AD. The information is protected using Microsoft 365 security already implemented by Microsoft, the details can be found here https://docs.microsoft.com/en-us/microsoft-365/compliance/encryption?view=o365-worldwide.

In Microsoft 365, encryption is turned on by default. Users do not have to take any action or enable any configuration; it is seamless encrypted using service-managed keys and AES-256 encryption. Universal Print, as a feature in Microsoft 365, uses this same proven encryption platform. YSoft OMNI API applies the same concept of security by default and leverages the encryption provided by Microsoft to secure both data in transit and data at rest. When data is in transit, it uses Transport Layer Security (TLS). For data at rest, it relies on the Microsoft 365 storage security where any sensitive data is being held.